=====================
= End-of-Day report =
=====================
Timeframe: Wednesday 25-10-2017 18:00 − Friday 27-10-2017 18:00
Handler: Nina Bieringer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Reaper IoT botnet ain't so scary, contains fewer than 20,000 drones ∗∗∗ --------------------------------------------- But numbers aren't everything, are they, Dyn? The Reaper IoT botnet is nowhere near as threatening as previously suggested, according to new research.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/10/27/reaper_iot_b...
∗∗∗ A Bug in a Popular Maritime Platform Left Ships Exposed ∗∗∗ --------------------------------------------- The AmosConnect 8 web platform has vulnerabilities that could allow data to be exposed—underscoring deeper problems with maritime security. --------------------------------------------- https://www.wired.com/story/bug-in-popular-maritime-platform-isnt-getting-fi...
∗∗∗ SANS Reading Room ∗∗∗ --------------------------------------------- The SANS Reading Room features over 2,730 original computer security white papers in 105 different categories. --------------------------------------------- https://www.sans.org/reading-room/
∗∗∗ Security vulnerabilities in FortiOS with high attack risk ∗∗∗ --------------------------------------------- Two vulnerabilities gape in the FortiOS operating system. Security updates repair the system. --------------------------------------------- https://heise.de/-3873331
∗∗∗ The race to quantum supremacy and its cybersecurity impact ∗∗∗ --------------------------------------------- Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is possible. Most experts now agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application will happen. Optimistic estimates for commercialization by the private sector vary between 5 and 15 years, while more conservative estimates by academics put it at [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/10/26/quantum-supremacy/
∗∗∗ Please don’t buy this: smart locks ∗∗∗ --------------------------------------------- The announcement of Amazon Key, a smart lock paired with a security camera that lets couriers into your home, spawned our new series called "Please don't buy this." --------------------------------------------- https://blog.malwarebytes.com/security-world/2017/10/please-dont-buy-this-sm...
∗∗∗ How to secure your router to prevent IoT threats? ∗∗∗ --------------------------------------------- The router is the first device that you must consider, since it not only controls the perimeter of your network, but all your traffic and information pass through it. --------------------------------------------- https://www.welivesecurity.com/2017/10/26/secure-your-router-prevent-iot-thr...
=====================
= Vulnerabilities =
=====================
∗∗∗ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II ∗∗∗ --------------------------------------------- On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
∗∗∗ BlackBerry powered by Android Security Bulletin – October 2017 ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNum...
∗∗∗ BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNum...
∗∗∗ Korenix JetNet ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01
∗∗∗ Rockwell Automation Stratix 5100 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02
∗∗∗ Bugtraq: October 2017 - Bamboo - Critical Security Advisory ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541424
∗∗∗ F-Secure KEY: Multiple vulnerabilities allow credentials to be spied out ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1898/
∗∗∗ GNU Wget: Two vulnerabilities allow execution of arbitrary program code and denial-of-service attacks ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1904/
∗∗∗ Node.js: A vulnerability allows a denial-of-service attack ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1905/
∗∗∗ PHP: Multiple vulnerabilities allow, among other things, a denial-of-service attack ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-1890/
∗∗∗ F5 Security Advisories ∗∗∗ --------------------------------------------- https://support.f5.com/csp/new-updated-articles
∗∗∗ IBM Security Bulletins ∗∗∗ --------------------------------------------- https://www.ibm.com/blogs/psirt/
∗∗∗ Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2 ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171017-01-w...
∗∗∗ Security Advisory - Permission Control Vulnerability in Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171027-0...